From b2bdbf907730184907b98f2dcf869c1bf87369a9 Mon Sep 17 00:00:00 2001
From: Yvan Sraka
Date: Tue, 22 Jul 2025 11:39:03 +0200
Subject: [PATCH 1/3] chores: opted-out nix-fast-build
---
 .github/workflows/nix-build.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml
index 058d9087b..d2a98b065 100644
--- a/.github/workflows/nix-build.yml
+++ b/.github/workflows/nix-build.yml
@@ -106,9 +106,7 @@ jobs:
 df -h
 - name: Build psql bundle
 run: >
- nix run "github:Mic92/nix-fast-build?rev=b1dae483ab7d4139a6297e02b6de9e5d30e43d48"
- -- --skip-cached --no-nom ${{ matrix.runner == 'macos-latest-xlarge' && '--max-jobs 1' || '' }}
- --flake ".#checks.$(nix eval --raw --impure --expr 'builtins.currentSystem')"
+ nix build ".#checks.$(nix eval --raw --impure --expr 'builtins.currentSystem')"
 env:
 AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
 AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
From a921779c0d8488d07d2b59e4812351bfef95c598 Mon Sep 17 00:00:00 2001
From: Yvan Sraka
Date: Thu, 24 Jul 2025 09:42:53 +0200
Subject: [PATCH 2/3] chores: set up nix-github-actions
---
 .github/workflows/nix-build.yml | 31 +++++++++++++++++++------------
 flake.lock | 21 +++++++++++++++++++++
 flake.nix | 3 +++
 nix/github-actions.nix | 6 ++++++
 4 files changed, 49 insertions(+), 12 deletions(-)
 create mode 100644 nix/github-actions.nix
diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml
index d2a98b065..3d610ef3c 100644
--- a/.github/workflows/nix-build.yml
+++ b/.github/workflows/nix-build.yml
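Review bot: In PATCH 1/3 (hunk at -106,9), the replacement `nix build` line in the `Build psql bundle` step drops two behaviours of the removed invocation that the commit message does not mention: the `--max-jobs 1` cap applied on `macos-latest-xlarge`, and `--skip-cached`. If the cap was there to keep the macOS runner within its memory or disk limits, `nix build` accepts `--max-jobs 1` as well and the same matrix condition can be kept. I would also confirm that `nix build` accepts `.#checks.<system>` as an installable; as far as I know it expects something that evaluates to a derivation, and enumerating the attribute set of checks was the part nix-fast-build did. The step's `env` block continues past the end of the hunk.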
@@ -15,18 +15,27 @@ permissions: packages: write jobs: + nix-matrix: + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.set-matrix.outputs.matrix }} + steps: + - uses: actions/checkout@v4 + - uses: cachix/install-nix-action@v30 + - id: set-matrix + name: Generate Nix Matrix + run: | + set -Eeu + matrix="$(nix eval --json '.#githubActions.matrix')" + echo "matrix=$matrix" >> "$GITHUB_OUTPUT" + build-run-image: + name: ${{ matrix.name }} (${{ matrix.system }}) + needs: nix-matrix + runs-on: ${{ matrix.os }} strategy: fail-fast: false - matrix: - include: - - runner: large-linux-x86 - arch: amd64 - - runner: large-linux-arm - arch: arm64 - - runner: macos-latest-xlarge - arch: arm64 - runs-on: ${{ matrix.runner }} + matrix: ${{fromJSON(needs.nix-matrix.outputs.matrix)}} timeout-minutes: 180 steps: - name: Checkout Repo @@ -104,9 +113,7 @@ jobs: sudo rm -rf /tmp/* 2>/dev/null || true echo "=== AFTER CLEANUP ===" df -h - - name: Build psql bundle - run: > - nix build ".#checks.$(nix eval --raw --impure --expr 'builtins.currentSystem')" + - run: nix build -L '.#${{ matrix.attr }}' env: AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }} diff --git a/flake.lock b/flake.lock index 9d2865e1d..b9a8b2f83 100644 --- a/flake.lock +++ b/flake.lock @@ -173,6 +173,26 @@ "type": "github" } }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737420293, + "narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nix2container": { "inputs": { "flake-utils": "flake-utils_2", 
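Review bot: The new `nix-matrix` job in the first nix-build.yml hunk of PATCH 2/3 (-15,18) sets no `permissions` of its own, so it inherits the workflow-level grants (`packages: write` is visible in this hunk's header context, `id-token: write` and `contents: write` in the PATCH 3/3 hunk) although it only checks out the tree and evaluates the flake. I would add a job-level `permissions:` with `contents: read` so the evaluation runs with a read-only token. The two actions it introduces, `actions/checkout@v4` and `cachix/install-nix-action@v30`, are referenced by mutable tag; pinning each to a full commit SHA, e.g. `actions/checkout@<full-commit-sha> # v4`, keeps a moved tag from changing what runs here. Since the matrix no longer defines `runner` or `arch`, any step of `build-run-image` outside this hunk that still reads `matrix.runner` or `matrix.arch` would now expand to an empty string and should be checked.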
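Review bot: In the second nix-build.yml hunk of PATCH 2/3 (-104,9), `${{ matrix.attr }}` is substituted into the script text before the shell parses it, so an attribute name containing a single quote would close the quoting and be read as shell syntax, in a step that also receives the AWS credentials through `env`. The value comes from evaluating the flake in the checked-out tree, so it is only as trusted as whoever can change that tree; the workflow's triggers are outside this diff, so I cannot tell whether fork pull requests reach this job. Passing the value as data removes the question: add `ATTR: ${{ matrix.attr }}` under the step's `env:` and use `run: nix build -L ".#$ATTR"`. The step also lost its `name:`, which makes the job log harder to scan, and its `env` block continues outside the hunk.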
@@ -309,6 +329,7 @@ "git-hooks": "git-hooks", "nix-editor": "nix-editor", "nix-fast-build": "nix-fast-build", + "nix-github-actions": "nix-github-actions", "nix2container": "nix2container", "nixpkgs": "nixpkgs_4", "nixpkgs-go124": "nixpkgs-go124", diff --git a/flake.nix b/flake.nix index db14dac9a..f91facd4b 100644 --- a/flake.nix +++ b/flake.nix @@ -14,6 +14,8 @@ git-hooks.url = "github:cachix/git-hooks.nix"; git-hooks.inputs.nixpkgs.follows = "nixpkgs"; nixpkgs-go124.url = "github:Nixos/nixpkgs/d2ac4dfa61fba987a84a0a81555da57ae0b9a2b0"; + nix-github-actions.url = "github:nix-community/nix-github-actions"; + nix-github-actions.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = @@ -36,6 +38,7 @@ nix/nixpkgs.nix nix/packages nix/overlays + nix/github-actions.nix ]; }); } diff --git a/nix/github-actions.nix b/nix/github-actions.nix new file mode 100644 index 000000000..b2f04a6c2 --- /dev/null +++ b/nix/github-actions.nix @@ -0,0 +1,6 @@ +{ inputs, ... }: +{ + flake.githubActions = inputs.nix-github-actions.lib.mkGithubMatrix { + checks = inputs.nixpkgs.lib.getAttrs [ "x86_64-linux" ] inputs.self.checks; + }; +} From eaefc20b70b0c2032efe7af54fef13c99cd489fb Mon Sep 17 00:00:00 2001 From: Yvan Sraka Date: Mon, 11 Aug 2025 09:11:45 +0200 Subject: [PATCH 3/3] chores: comment out vestigal testinfra-ami-build --- .github/workflows/nix-build.yml | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml index 3d610ef3c..7551a14fa 100644 --- a/.github/workflows/nix-build.yml +++ b/.github/workflows/nix-build.yml @@ -10,7 +10,7 @@ on: permissions: id-token: write - # required by testinfra-ami-build dependent workflows + # required by dependent workflows contents: write packages: write 
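Review bot: In the new file `nix/github-actions.nix` (PATCH 2/3), `getAttrs [ "x86_64-linux" ]` limits the generated matrix to one system, while the matrix removed from nix-build.yml in the same patch also ran on `large-linux-arm` and `macos-latest-xlarge`. If dropping the arm64 Linux and macOS builds from CI is intended, a comment above the `checks` line should say so, e.g. `# x86_64-linux only for now; aarch64-linux and aarch64-darwin checks are not built in CI`. The x86_64 build also moves from `large-linux-x86` to whichever runner label the library maps that system to by default, which may matter for a job that needs a disk cleanup step and a 180 minute timeout; I believe `mkGithubMatrix` takes a `platforms` argument for overriding that mapping, but please confirm against the locked revision.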
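Review bot: In the first nix-build.yml hunk of PATCH 3/3 (-10,7), the reworded comment `# required by dependent workflows` no longer says which workflow needs `contents: write`, and the only one it named, testinfra-ami-build, stops being called from this file in the next hunk. If no remaining called workflow needs the grant, I would lower it to `contents: read` instead of keeping it under a vaguer comment; if one does, name it, e.g. `# required by <workflow-file>: <reason>`. `id-token: write` and `packages: write` deserve the same check, because every job in the file inherits them unless it declares its own `permissions`.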
@@ -119,13 +119,6 @@ jobs: AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }} AWS_SESSION_TOKEN: ${{ env.AWS_SESSION_TOKEN }} - run-testinfra: - needs: build-run-image - if: ${{ success() }} - uses: ./.github/workflows/testinfra-ami-build.yml - secrets: - DEV_AWS_ROLE: ${{ secrets.DEV_AWS_ROLE }} - run-tests: needs: build-run-image if: ${{ success() }}